How to Block/Ban Traffic From Specific Referrer
UNIX for Dummies Questions & Answers
Post 302102763 by BOFH on Friday 12th of January 2007 02:38:57 PM
Quote:
Originally Posted by osoamor
it's apache
That's fine. Apache on what?

Some OSes (like Linux or BSD) have firewalls as part of the default installation. You can set up a quickie firewall rule to block the IP address.

OpenBSD firewall example from my web server:

Code:
# cat /etc/pf.conf
# External interface and address
ext_if="vr0"
ext_ad="xx.xx.xx.xx/32"

# in general, block all incoming connections
block in on $ext_if

# block all net idiots ([badipaddr] is a placeholder for the offending address;
# the port is the web server's, i.e. the destination, not the client's ephemeral source port)
block in quick on $ext_if inet proto tcp from [badipaddr] to ($ext_if) port = 80

# let all outbound traffic go
pass out quick on $ext_if inet from ($ext_if) to any flags S/SA keep state

# let everyone else access the web server
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port = 80 flags S/SA modulate state

I believe you can use your /etc/hosts.deny file to block access to your web server. As you can see, I use my firewall for that so I'd have to do a little search before I could present an example for you. Try googling on hosts.deny.

Oh and of course, don't use my pf.conf file without knowing what every rule does. I've clipped out a bunch of rules so I can show you a little example.

Carl
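An added example, not part of Carl's post, that ties the thread's question (traffic arriving from one bad referrer) to the approach he describes (block the source address in pf). It is a small POSIX shell script: it reads Apache combined-format access log lines (constructed sample lines are embedded, using documentation address ranges and made-up referrer hosts), extracts the client IPs whose Referer host is the given domain or a subdomain of it, and emits a pf.conf fragment consisting of a persistent table plus one block rule that references it, so the ruleset never has to be edited when new addresses show up. The function names `referrer_ips` and `pf_table_rules`, the table name `badhosts` and the variable `ext_if` are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the original post): turn "who is arriving from the bad
# referrer?" into "which source IPs should pf block?".
#
# Constructed sample Apache combined-log lines; the addresses are documentation
# ranges and the referrer hosts are made up for this example.
SAMPLE_LOG='203.0.113.10 - - [12/Jan/2007:14:38:57 -0500] "GET /index.html HTTP/1.1" 200 1234 "http://spam.example/landing" "Mozilla/5.0"
198.51.100.7 - - [12/Jan/2007:14:39:01 -0500] "GET /about.html HTTP/1.1" 200 2345 "http://www.example.com/" "Mozilla/5.0"
203.0.113.10 - - [12/Jan/2007:14:39:05 -0500] "GET /img/logo.png HTTP/1.1" 200 345 "http://spam.example/other" "Mozilla/5.0"
203.0.113.77 - - [12/Jan/2007:14:40:00 -0500] "POST /comment.php HTTP/1.1" 302 0 "https://spam.example:8443/" "curl/7.15"
192.0.2.5 - - [12/Jan/2007:14:41:00 -0500] "GET / HTTP/1.1" 200 100 "-" "Mozilla/5.0"'

# referrer_ips DOMAIN
# Reads combined-format log lines on stdin and prints, once each and in order
# of first appearance, the client IPs whose Referer host is DOMAIN or a
# subdomain of it. Splitting on the double quote makes field 4 the Referer
# no matter how many spaces the request line or user agent contain.
referrer_ips() {
    awk -F'"' -v dom="$1" '
        {
            split($1, head, " ")          # head[1] is the client address
            ref = $4
            sub(/^[A-Za-z][A-Za-z0-9+.-]*:\/\//, "", ref)   # drop scheme
            sub(/\/.*$/, "", ref)         # drop path
            sub(/:.*$/, "", ref)          # drop port
            n = length(ref) - length(dom)
            if (ref == dom || (n > 0 && substr(ref, n) == "." dom)) {
                if (!(head[1] in seen)) { seen[head[1]] = 1; print head[1] }
            }
        }'
}

# pf_table_rules TABLE
# Reads the IP list on stdin and prints a pf.conf fragment: a persistent
# table holding the addresses and one block rule that uses it. The web
# server port is matched on the destination side; the client's source port
# is ephemeral and is never 80.
pf_table_rules() {
    ips=$(tr '\n' ' ')
    printf 'table <%s> persist { %s}\n' "$1" "$ips"
    printf 'block in quick on $ext_if inet proto tcp from <%s> to ($ext_if) port = 80\n' "$1"
}

# Usage: build the fragment for the spam.example referrer. Once the table is
# loaded, further addresses can be added live with
#   pfctl -t badhosts -T add 203.0.113.99
# without reloading the ruleset.
printf '%s\n' "$SAMPLE_LOG" | referrer_ips spam.example | pf_table_rules badhosts
```

Two caveats a practitioner would want here. The Referer header is supplied by the client, so it is trivially forged or stripped; this identifies abusive clients only for as long as they keep sending it. And blocking by source address hits everything behind that address, so a NAT gateway or proxy in front of many users is blocked wholesale.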
PFSYNC(4)                   BSD Kernel Interfaces Manual                   PFSYNC(4)

NAME
     pfsync -- packet filter state table synchronisation interface

SYNOPSIS
     device pfsync

DESCRIPTION
     The pfsync interface is a pseudo-device which exposes certain changes to the state table used by pf(4). State changes can be viewed by invoking tcpdump(1) on the pfsync interface. If configured with a physical synchronisation interface, pfsync will also send state changes out on that interface, and insert state changes received on that interface from other systems into the state table.

     By default, all local changes to the state table are exposed via pfsync. State changes from packets received by pfsync over the network are not rebroadcast. Updates to states created by a rule marked with the no-sync keyword are ignored by the pfsync interface (see pf.conf(5) for details).

     The pfsync interface will attempt to collapse multiple state updates into a single packet where possible. The maximum number of times a single state can be updated before a pfsync packet will be sent out is controlled by the maxupd parameter to ifconfig (see ifconfig(8) and the example below for more details). The sending out of a pfsync packet will be delayed by a maximum of one second.

NETWORK SYNCHRONISATION
     States can be synchronised between two or more firewalls using this interface, by specifying a synchronisation interface using ifconfig(8). For example, the following command sets fxp0 as the synchronisation interface:

           # ifconfig pfsync0 syncdev fxp0

     By default, state change messages are sent out on the synchronisation interface using IP multicast packets to the 224.0.0.240 group address. An alternative destination address for pfsync packets can be specified using the syncpeer keyword. This can be used in combination with ipsec(4) to protect the synchronisation traffic. In such a configuration, the syncdev should be set to the enc(4) interface, as this is where the traffic arrives when it is decapsulated, e.g.:

           # ifconfig pfsync0 syncpeer 10.0.0.2 syncdev enc0

     It is important that the pfsync traffic be well secured as there is no authentication on the protocol and it would be trivial to spoof packets which create states, bypassing the pf ruleset. Either run the pfsync protocol on a trusted network, ideally a network dedicated to pfsync messages such as a crossover cable between two firewalls, or specify a peer address and protect the traffic with ipsec(4).

     pfsync has the following sysctl(8) tunables:

     net.pfsync.carp_demotion_factor
             Value added to net.inet.carp.demotion while pfsync tries to perform its bulk update. See carp(4) for more information. Default value is 240.

EXAMPLES
     pfsync and carp(4) can be used together to provide automatic failover of a pair of firewalls configured in parallel. One firewall will handle all traffic until it dies, is shut down, or is manually demoted, at which point the second firewall will take over automatically.

     Both firewalls in this example have three sis(4) interfaces. sis0 is the external interface, on the 10.0.0.0/24 subnet; sis1 is the internal interface, on the 192.168.0.0/24 subnet; and sis2 is the pfsync interface, using the 192.168.254.0/24 subnet. A crossover cable connects the two firewalls via their sis2 interfaces. On all three interfaces, firewall A uses the .254 address, while firewall B uses .253. The interfaces are configured as follows (firewall A unless otherwise indicated):

     Interfaces configuration in /etc/rc.conf:

           network_interfaces="lo0 sis0 sis1 sis2"
           ifconfig_sis0="10.0.0.254/24"
           ifconfig_sis0_alias0="inet 10.0.0.1/24 vhid 1 pass foo"
           ifconfig_sis1="192.168.0.254/24"
           ifconfig_sis1_alias0="inet 192.168.0.1/24 vhid 2 pass bar"
           ifconfig_sis2="192.168.254.254/24"
           pfsync_enable="YES"
           pfsync_syncdev="sis2"

     pf(4) must also be configured to allow pfsync and carp(4) traffic through. The following should be added to the top of /etc/pf.conf:

           pass quick on { sis2 } proto pfsync keep state (no-sync)
           pass on { sis0 sis1 } proto carp keep state (no-sync)

     It is preferable that one firewall handle the forwarding of all the traffic, therefore the advskew on the backup firewall's carp(4) vhids should be set to something higher than the primary's. For example, if firewall B is the backup, its carp1 configuration would look like this:

           ifconfig_sis1_alias0="inet 192.168.0.1/24 vhid 2 pass bar advskew 100"

     The following must also be added to /etc/sysctl.conf:

           net.inet.carp.preempt=1

SEE ALSO
     tcpdump(1), bpf(4), carp(4), enc(4), inet(4), inet6(4), ipsec(4), netintro(4), pf(4), pf.conf(5), protocols(5), rc.conf(5), ifconfig(8)

HISTORY
     The pfsync device first appeared in OpenBSD 3.3. It was first imported to FreeBSD 5.3. The pfsync protocol and kernel implementation were significantly modified in FreeBSD 9.0. The newer protocol is not compatible with the older one and will not interoperate with it.

BSD                              December 20, 2011                              BSD
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.